
Submission + - "Bad Taste" vulnerability in GNOME: VBscript injection 1

KiloByte writes: A new vulnerability, named "Bad Taste", allows arbitrary code execution via the GNOME thumbnailer if you make any GNOME component that displays file icons see a crafted .msi file in a directory you're browsing.

The vulnerability can be triggered only if you have Wine installed, but it comes as no fault of the latter: GNOME misparses file names into a well-formed VBscript invocation.

Submission + - Five (or more) good reasons to ignore the South Carolina election hacking story

chicksdaddy writes: What should we make of the latest reports from WSJ (https://www.wsj.com/articles/south-carolina-may-prove-a-microcosm-of-u-s-election-hacking-efforts-1500202806), The Hill, etc. that South Carolina's election systems were bombarded with 150,000 hacking attempts? Not much, argues Security Ledger in a news analysis that argues there are lots of good reasons to ignore this story, if not the very real problem of election hacking.
The stories, which were based on this report from The South Carolina Election Commission (PDF — https://goo.gl/TGKJEm)

"The key phrase in that report is 'attempts to penetrate.'" Security Ledger notes. Information security professionals would refer to that by more mundane terms like “port scans” or probes. These are kind of the 'dog bites man' stories of the cyber beat — common (here's one from 2012 https://www.usnews.com/news/ar...) but ill informed. "The kinds of undifferentiated scans that the report is talking about are the Internet equivalent of people driving slowly past your house."

While some of those 150,000 attempts may well be attempts to hack South Carolina's elections systems, many are undifferentiated, while some may be legitimate, if misdirected. Whatever the case, they're background noise on the Internet and hardly unique to South Carolina's voter registration systems. They're certainly not evidence of sophisticated, nation-state efforts to crack the U.S. election system by Russia, China or anyone else, Security Ledger argues.

"The problem with lumping all these “hacking attempts” in the same breath as you talk about sophisticated and targeted attacks on the Clinton Campaign, the DCCC and successful penetration of some state election boards is that it dramatically distorts the nature and scope of the threat to the U.S. election system which – again – is very real."

The election story is one "that demands thoughtful and pointed reporting that can explore (and explode) efforts by foreign actors to subvert the U.S. vote and thus its democracy," the piece goes on to argue. "That’s especially true in an environment in which regulators and elected officials seem strangely incurious (http://www.businessinsider.com/dhs-is-refusing-to-investigate-hack-of-voting-machines-2017-6) about such incidents and disinclined to investigate them."

Submission + - Is password masking on its way out? 2

thegreatbob writes: Perhaps you've noticed in the last 5 years or so, progressively more entities have been providing the ability to reveal the contents of a password field. While this ability is, in many cases (especially on devices with lousy keyboards), legitimately useful, it does seem to be a reasonable source of concern.

Fast forward to today; I was setting up a new router (cheapest dual-band router money can buy, from Tenda), and I was almost horrified to discover that it does not mask any of its passwords by default. So I ask Slashdot:

Is password masking really on its way out, and does password masking do anything beyond preventing the casual shoulder-surfer?

Submission + - When pushed, Quantum particles can fight back... (phys.org)

slew writes: Who knew quantum particles were passive aggressive?

It's subtle, but researchers "have shown that backflow can always occur, even if a force is acting on the quantum particle while it travels. The backflow effect is the result of wave-particle duality and the probabilistic nature of quantum mechanics, and it is already well understood in an idealised case of force-free motion."

"The backflow effect in quantum mechanics has been known for quite a while, but it has always been discussed in regards to 'free' quantum particles, i.e., no external forces are acting on the particle."

Obligatory pointer to paper pre-print...

Submission + - Michigan Government Blocks Hundreds of Twitter Accounts

randomErr writes: Nearly 800 Twitter accounts have been blocked or muted by Michigan state government accounts, which some argue violates First Amendment rights. The Lansing State Journal obtained records of the blocked users through a Freedom of Information Act request. The blocked Twitter handles include the official @POTUS presidential account now controlled by the Trump administration. Blocked users cannot access tweets from those agencies, which range from lighthearted memes to official announcements sometimes related to public safety.

Submission + - New algorithm for cutting edge hardware eliminates sensor saturation (scitechdaily.com)

Baron_Yam writes: From the article: "Researchers from MIT and the Technical University of Munich have developed a new technique that could lead to cameras that can handle light of any intensity, audio that doesn’t skip or pop."

With a new type of sensor that does not use voltage as an output signal and a bit of clever math, it turns out you can vastly increase the useful sensitivity range of electronic detection devices.

Submission + - Flying Cars, Here's How

wolfheart111 writes: Flying cars should be built via extensions of high-rise apartment buildings. They will need to be fully autopilot and via roads that have built in clutter collection tech.

I'm thinking a tower with drones around it. :)

Submission + - First bicycle tax in nation (washingtontimes.com)

turkeydance writes: In Oregon, a state known for its avid bicycling culture, the state legislature’s approval of the first bike tax in the nation has fallen flat with riders.
Democratic Gov. Kate Brown is expected to sign the sweeping $5.3 billion transportation package, which includes a $15 excise tax on the sale of bicycles costing more than $200 with a wheel diameter of at least 26 inches. Even though the funding has been earmarked for improvements that will benefit cyclists, the tax has managed to irk both anti-tax Republicans and environmentally conscious bikers alike.

Submission + - Exploit Derived From EternalSynergy Upgraded to Target Newer Windows Versions (bleepingcomputer.com)

An anonymous reader writes: Thai security researcher Worawit Wang has put together an exploit based on ETERNALSYNERGY that can also target newer versions of the Windows operating system. ETERNALSYNERGY is one of the NSA exploits leaked by the Shadow Brokers hacking group in April this year. According to a Microsoft technical analysis, the exploit can allow an attacker to execute code on Windows machines with SMB services exposed to external connections. The exploit works up to Windows 8. According to Microsoft, the techniques used in the original ETERNALSYNERGY exploit do not work on newer platforms due to several kernel security improvements.

Wang says his exploit targets the same vulnerability but uses a different exploitation technique. His method "should never crash a target," the expert says. "Chance should be nearly 0%," Wang adds. Combining his exploit with the original ETERNALSYNERGY exploit would allow a hacker to target all Windows versions except Windows 10. This is about 75% of all Windows PCs. The exploit code is available for download from Wang's GitHub or ExploitDB. Sheila A. Berta, a security researcher for Telefonica's Eleven Paths security unit, has published a step-by-step guide on how to use Wang's exploit.

Submission + - Private Student Loan Debts May Be Wiped Away By Missing Paperwork (nytimes.com)

cdreimer writes: According to The New York Times: "Tens of thousands of people who took out private loans to pay for college but have not been able to keep up payments may get their debts wiped away because critical paperwork is missing. The troubled loans, which total at least $5 billion, are at the center of a protracted legal dispute between the student borrowers and a group of creditors who have aggressively pursued them in court after they fell behind on payments. Judges have already dismissed dozens of lawsuits against former students, essentially wiping out their debt, because documents proving who owns the loans are missing. A review of court records by The New York Times shows that many other collection cases are deeply flawed, with incomplete ownership records and mass-produced documentation. Some of the problems playing out now in the $108 billion private student loan market are reminiscent of those that arose from the subprime mortgage crisis a decade ago, when billions of dollars in subprime mortgage loans were ruled uncollectable by courts because of missing or fake documentation. And like those troubled mortgages, private student loans — which come with higher interest rates and fewer consumer protections than federal loans — are often targeted at the most vulnerable borrowers, like those attending for-profit schools."

Submission + - Facial Recognition Coming to Police Body Cameras (defenseone.com)

schwit1 writes: Even if the cop who pulls you over doesn’t recognize you, the body camera on his chest eventually just might.

Device-maker Motorola will work with artificial intelligence software startup Neurala to build “real-time learning for a person of interest search” on products such as the Si500 body camera for police, the firm announced Monday.

Italian-born neuroscientist and Neurala founder Massimiliano Versace has created patent-pending image recognition and machine learning technology. It’s similar to other machine learning methods but far more scalable, so a device carried by that cop on his shoulder can learn to recognize shapes and — potentially faces — as quickly and reliably as a much larger and more powerful computer. It works by mimicking the mammalian brain, rather than the way computers have worked traditionally.

Versace’s research was funded, in part, by the Defense Advanced Research Projects Agency or DARPA under a program called SyNAPSE. In a 2010 paper for IEEE Spectrum, he describes the breakthrough. Basically, a tiny constellation of processors do the work of different parts of the brain — which is sometimes called neuromorphic computation — or “computation that can be divided up between hardware that processes like the body of a neuron and hardware that processes the way dendrites and axons do.” Versace’s research shows that AIs can learn in that environment using a lot less code.

Submission + - US and Australia finish a key round of hypersonic missile tests (engadget.com)

schwit1 writes: The US and its allies are determined to be first out of the gate with hypersonic weapons, and they've just taken a big stride forward in that regard... not that they're saying much about it. Both the US and Australia have confirmed that they recently completed a series of mysterious hypersonic missile tests. All the countries will say is that the flights were successful, and that they represented "significant milestones" in testing everything from the design assembly to the control mechanisms. They won't even say which vehicles were used or how quickly they traveled, although past tests have usually relied on Terrier Orion rockets (above) and have reached speeds as high as Mach 8.

The tests are part of the long-running HIFiRE (Hypersonic International Flight Research Experimentation) program, whose first launch took place way back in 2009. They should help bring hypersonic flight to a "range of applications," according to HIFiRE partner BAE. That could easily include ultra-fast aircraft, but it's widely believed the focus here is on missiles and similar unmanned weapons. A hypersonic missile would fulfill the US military's goal of building a conventional weapon that can strike anywhere within an hour, and it would be virtually impossible to stop using existing missile defenses. In theory, enemy nations wouldn't dare attack if they knew they'd face certain retaliation within minutes.

Any real-world uses of hypersonic weapons are likely years away, but they might come sooner than you think. US Navy Admiral Harry Harris recently worried about keeping up with (or ahead of) hypersonic weapon development by the Chinese and Russians. These latest tests signal that the US isn't just treating hypersonic weapons as theoretical exercises. It wants practical uses in a reasonable time frame — if just to say that it's keeping up with its rivals.
